system: add defaults for newer sysctls

11bb2b90 · Franco Fichtner · 59deb5f7 · 11bb2b90 · 11bb2b90
Commit 11bb2b90 authored Aug 13, 2015 by Franco Fichtner
Hide whitespace changes
Inline Side-by-side

Showing with 7 additions and 10 deletions

config.xml.sample src/etc/config.xml.sample +3 -10

system.inc src/etc/inc/system.inc +4 -0

No files found.
--- a/src/etc/config.xml.sample
+++ b/src/etc/config.xml.sample
@@ -55,16 +55,9 @@
 		</item>
 		<item>
 			<descr><![CDATA[
-				Redirect attacks are the purposeful mass issuing of ICMP type 5 packets. In a normal network, redirects
+				Redirect attacks are the purposeful mass-issuing of ICMP type 5 packets. In a normal network, redirects
-				to the end stations should not be required. To defend against this type of attack both the sending and
+				to the end stations should not be required. This option enables the NIC to drop all inbound ICMP redirect
-				accepting of redirect should be disabled.
+				packets without returning a response.
-			]]></descr>
-			<tunable>net.inet.icmp.redirect</tunable>
-			<value>default</value>
-		</item>
-		<item>
-			<descr><![CDATA[
-				This option enables the NIC to drop all inbound ICMP redirect packets without returning a response.
 			]]></descr>
 			<tunable>net.inet.icmp.drop_redirect</tunable>
 			<value>default</value>

--- a/src/etc/inc/system.inc
+++ b/src/etc/inc/system.inc
@@ -78,6 +78,10 @@ function get_default_sysctl_value($id)
 		"net.inet.tcp.recvspace" => "65228",
 		"net.inet.tcp.sendspace" => "65228",
 		"net.inet.ip.fastforwarding" => "0",
+		'net.inet.ip.sourceroute' => '0',
+		'net.inet.ip.accept_sourceroute' => '0',
+		'net.inet.icmp.drop_redirect' => '0',
+		'net.inet.icmp.log_redirect' => '0',
 		"net.inet.tcp.delayed_ack" => "0",
 		"net.inet.udp.maxdgram" => "57344",
 		"net.inet.ip.intr_queue_maxlen" => "1000",